Creating security groups

This page explains how to create security groups . You can create a new security group or update a Google group to a security group.

Before you begin

Perform the following tasks before proceeding with the information on this page:

Read the Groups API overview .
Set up the Groups API .

Security group requirements

Security groups can only contain the following:

Users inside or outside of your domain (while associated with a Google service)
Service accounts inside or outside of your domain
Security groups inside of your domain

You can't apply the security group label to a Google Group that doesn't meet these conditions.

Only predefined Super Admins or Groups Admins have the permissions to update security groups.

Creating a new security group

REST

To create a security group, call groups.create() with an instance of the new group. The group instance must include a groupKey , Parent , and labels set to cloudidentity.googleapis.com/groups.security and cloudidentity.googleapis.com/groups.discussion_forum

Python

The following example shows a helper function to create a Google Group using the Python client library:

  def 
  
 create_google_group 
 ( 
 service 
 , 
 customer_id 
 , 
 group_id 
 , 
 group_display_name 
 , 
 group_description 
 ): 
 group_key 
 = 
 { 
 "id" 
 : 
 group_id 
 } 
 group 
 = 
 { 
 "parent" 
 : 
 "customers/" 
 + 
 customer_id 
 , 
 "description" 
 : 
 group_description 
 , 
 "displayName" 
 : 
 group_display_name 
 , 
 "groupKey" 
 : 
 group_key 
 , 
 # Set the label to specify creation of a Google Group. 
 "labels" 
 : 
 { 
 "cloudidentity.googleapis.com/groups.security" 
 : 
 "" 
 , 
 "cloudidentity.googleapis.com/groups.discussion_forum" 
 : 
 "" 
 } 
 } 
 try 
 : 
 request 
 = 
 service 
 . 
 groups 
 () 
 . 
 create 
 ( 
 body 
 = 
 group 
 ) 
 request 
 . 
 uri 
 += 
 "&initialGroupConfig=WITH_INITIAL_OWNER" 
 response 
 = 
 request 
 . 
 execute 
 () 
 print 
 ( 
 response 
 ) 
 except 
 Exception 
 as 
 e 
 : 
 print 
 ( 
 e 
 )

Updating a Google Group to a security group

REST

To update a Google Group to a security group, call groups.patch() with updateMask set to cloudidentity.googleapis.com/groups.security and cloudidentity.googleapis.com/groups.discussion_forum .

Sample request body

  { 
  
 "labels" 
 : 
  
 { 
  
 "cloudidentity.googleapis.com/groups.security" 
 : 
  
 "" 
 , 
  
 "cloudidentity.googleapis.com/groups.discussion_forum" 
 : 
  
 "" 
  
 } 
 }

Python

The following example shows a helper function to update a Google Group to a security group using the Python client library:

  def 
  
 add_security_label_to_group 
 ( 
 service 
 , 
 group_name 
 ): 
 group 
 = 
 { 
 "labels" 
 : 
 { 
 "cloudidentity.googleapis.com/groups.security" 
 : 
 "" 
 , 
 "cloudidentity.googleapis.com/groups.discussion_forum" 
 : 
 "" 
 } 
 } 
 try 
 : 
 request 
 = 
 service 
 . 
 groups 
 () 
 . 
 patch 
 ( 
 name 
 = 
 group_name 
 , 
 body 
 = 
 group 
 ) 
 request 
 . 
 uri 
 = 
 request 
 . 
 uri 
 + 
 '&updateMask=labels' 
 response 
 = 
 request 
 . 
 execute 
 () 
 print 
 ( 
 response 
 ) 
 except 
 Exception 
 as 
 e 
 : 
 print 
 ( 
 e 
 )